According to my password manager, I have 328 entries in it. That’s a lot of accounts to keep track of. What most people do is that they have the same password for almost all accounts. This means that, if one of those 300+ sites gets hacked and exposes personal information, hackers would have the access to all of your accounts.
However, unless you keep them on a notebook, it is impossible to remember so many passwords for so many different services. Even worse, there are some sites that ask you for some specific requirements (such as at least one capital letter or one number), which could mean that there are even more variables that you need to remember.
For this kind of situations, password managers were created.
What is a password manager?
It is simply a service that stores your passwords safely so you don’t have to remember all your different logins. There are several password managers out there, including:
- LastPass
- Dashlane
- Bitwarden
- 1Password
- Enpass
- Google Smart Lock
I won’t go into details, since an analysis of them merits its own article, but they all work in extremely similar ways. You store your logins there, or generate random passwords through them. When you need to use them, you can retrieve this information to be filled for you.
Once you have an account in one of them, all of your passwords can only be used once you input a master password. Most of them also add the possibility of two-factor authentication, making it even more secure.
Thus, you move from having to remember hundreds of passwords to only one, giving you the chance to use a very strong one and change it over time. There’s also the possibility to unlock the app with your fingerprint, adding even more security to it.
In case a site is hacked and your password is compromised, you have the peace of mind of having different passwords for all sites, so there’s no risk of losing additional data. All you need to do is generate a new one for the affected site. Password manager companies also employ full-time security experts that use advanced encrypting methods so that, in the case of a security breach, the information will be useless to hackers.
How to use a password manager?
My password manager of choice is the open-source Bitwarden. However, the idea is almost the same for every password manager out there. Password managers normally have the limitation of not allowing screenshots while they are on the foreground (frankly, a sensible decision), so I won’t be able to show screenshots for Bitwarden itself.
After creating an account, you should download the app to your phone. After logging in, you will have all of your passwords at your disposal. As previously said, you can configure password managers to be unlocked with your fingerprint. Some of them also let you generate a PIN code to unlock the vault.
In case you also use a desktop or laptop, most password managers have browser extensions. These let you autofill login information directly into the username and password fields on websites.
Now, let’s say you want to log into Twitter. First, you need to add the entry to the password manager. This includes saving the name of the service, the username and the password. There is also an option for saving a URL, so, if you visit http://bit.ly/2OxYouC on your computer with the password manager extension installed, it will automatically suggest to autofill for you when trying to log in. Pretty neat!
Autofill service
A bunch of passwords stored in an app are worthless unless you have a way to use them. In Android versions before Oreo, the only way for a password manager to know in what apps you are and which fields to fill was turning on an accessibility service for the password manager app.
While it mostly worked, this was hacky, clunky, unreliable, and consumed battery life. With the introduction of Android Oreo, the system now lets password manager developers use the autofill service.
In order to activate it, head to the settings of your phone, then System (General Management in Samsung devices), then Language and input, and then Autofill service.
After activating this, you can go to the Twitter app, and you will get a nice prompt in which the app tries to infer in which app you are, and suggest you the best options for said app. In case it gets it wrong, you can also head to the app and look for an entry yourself.
Manual copy and paste
The autofill service introduced in Android Oreo only works on apps. For it to work on browsers, you need a device with Android Pie. If you want to log in to Twitter on your mobile browser without Pie, or you don’t want to turn on the accessibility/autofill services, then there’s always the old but reliable copy and paste. Just open your password manager, copy the password and then paste it into the appropriate password field.
Conclusion
In this day and age, where data breaches are increasingly common in an industry obsessed with account creation, password managers are a reliable way of having different passwords for the plethora of services we use everyday. Sure, it takes time to add passwords to the manager, and your workflow might change a little, but the minor inconveniences are worth it. Having the peace of mind that your accounts have unique passwords that do not compromise the credentials in other services gets you a little bit closer to having a secure digital life. Try one out today!
by Gerson Noboa via AndroidGuys
Posts
No comments: